DROWN Vulnerability: Breaking TLS using SSLv2

OpenSSL is an open source toolkit that implements the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols. Its two primary libraries are libcrypto and libssl.

libcrypto provides general-purpose cryptography; libssl implements the SSL and TLS protocols and depends on libcrypto.

DROWN stands for “Decrypting RSA using Obsolete and Weakened eNcryption.” It is a cross-protocol attack: weaknesses in the SSLv2 implementation on an improperly configured server are used to attack TLS.

DROWN – Use SSLv2 to break TLS: This is a cross-protocol attack that allows an attacker to decrypt TLS connections by making crafted connections to an SSLv2 server (possibly a different server) that uses the same RSA private key.

The DROWN attack conditions for a server:

1) Communication between client and server can be read by an attacker when SSLv2 is enabled on the server alongside TLS. Users of a server that supports the SSLv2 protocol are vulnerable to the SSLv2 DROWN attack.

2) Users who have installed a vulnerable version of OpenSSL or enabled SSLv2 on their server machines are prone to attack.

3) A server on which SSLv2 is disabled is also prone to attack if it shares its private key with another server that has SSLv2 enabled.

An SSLv2 implementation that supports export ciphersuites can be used to decrypt a normal TLS RSA ciphertext, provided both the SSLv2 and TLS endpoints use the same private key. The attack succeeds against only one out of a thousand TLS handshakes, not every time.

Support for OpenSSL 0.9.8 and 1.0.0 has ended; users of those versions are recommended to uninstall them or upgrade to the latest OpenSSL version.

Online Test for DROWN Vulnerability
1. Visit website https://test.drownattack.com
2. Enter the domain name or IP address which needs to be tested for DROWN vulnerability.

Test for DROWN Vulnerability using tlsfuzzer tool
The tlsfuzzer tool can be used to find the DROWN vulnerability, and the check can be automated.
1) Download the tlsfuzzer tool
2) Follow the instructions on the project website to install it
3) Run the following commands
– python scripts/test-sslv2-force-export-cipher.py -h your_website.com -p 443
– python scripts/test-sslv2-force-cipher.py -h your_website.com -p 443
4) In both cases, all the individual tests in the scripts should print an “OK” status

Apache:
Apache httpd 2.2.x supports SSLv2 by default and is therefore vulnerable.
– Add the following line to Apache’s httpd.conf:
SSLProtocol All -SSLv2 -SSLv3

NginX:
Users who have explicitly turned on SSLv2, or who use an NGINX version earlier than 0.8.19, are vulnerable. The SSL and TLS protocols are controlled by the ssl_protocols configuration directive. To enable recent TLS versions only, and disable SSLv2 and SSLv3, use the following syntax:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
and make sure SSLv2 is not present in ssl_protocols.

OpenSSL:
The easiest and recommended solution is to upgrade OpenSSL 1.0.2 to 1.0.2g and 1.0.1 to 1.0.1s. Users of older OpenSSL versions should upgrade to one of these versions.
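An added configuration audit (example code written for this page, not SecPod's or any project's own tool) that evaluates the Apache SSLProtocol and NGINX ssl_protocols directives shown above and then applies the third DROWN condition, that a host is exposed when any host sharing its RSA key still offers SSLv2. It assumes the httpd 2.2.x meaning of "All" (SSLv2, SSLv3, TLSv1), the NGINX default change at 0.8.19, and uses constructed config snippets and key labels rather than real servers.

```python
import re

# Canonical protocol names; httpd treats the names case-insensitively.
CANON = {p.lower(): p for p in ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")}
# Assumption: on the httpd 2.2.x branch "All" expands to SSLv2, SSLv3 and TLSv1,
# and a config with no SSLProtocol directive behaves as "All".
APACHE_22_ALL = {"SSLv2", "SSLv3", "TLSv1"}
# Assumption: the NGINX default included SSLv2 before 0.8.19 and dropped it from 0.8.19 on.
NGINX_OLD_DEFAULT = {"SSLv2", "SSLv3", "TLSv1"}
NGINX_NEW_DEFAULT = {"SSLv3", "TLSv1"}

def apache_protocols(config_text):
    """Protocols enabled by the last SSLProtocol line of an httpd 2.2-style config.
    Tokens are 'All', 'Name', '+Name' (add) or '-Name' (remove), applied left to right."""
    lines = re.findall(r"^\s*SSLProtocol\s+(.+?)\s*$", config_text, re.M | re.I)
    if not lines:
        return set(APACHE_22_ALL)
    enabled = set()
    for tok in lines[-1].split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        names = set(APACHE_22_ALL) if name.lower() == "all" else {CANON.get(name.lower(), name)}
        enabled = enabled - names if sign == "-" else enabled | names
    return enabled

def nginx_protocols(config_text, version=(1, 0, 0)):
    """Protocols enabled by the last ssl_protocols directive of an nginx config."""
    lines = re.findall(r"^\s*ssl_protocols\s+([^;]+);", config_text, re.M)
    if not lines:
        return set(NGINX_OLD_DEFAULT if version < (0, 8, 19) else NGINX_NEW_DEFAULT)
    return {CANON.get(t.lower(), t) for t in lines[-1].split()}

def drown_exposed(protocols_by_host, key_by_host):
    """A host is DROWN-exposed if it, or any host sharing its RSA key, offers SSLv2."""
    exposed = {}
    for host, key in key_by_host.items():
        exposed[host] = any("SSLv2" in protocols_by_host[h]
                            for h, k in key_by_host.items() if k == key)
    return exposed

# Constructed sample configs and key labels (not taken from any real server).
APACHE_WEAK = "Listen 443\nSSLEngine on\n"            # no SSLProtocol line: behaves as All
APACHE_FIXED = "SSLEngine on\nSSLProtocol All -SSLv2 -SSLv3\n"
NGINX_FIXED = "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n"

if __name__ == "__main__":
    protos = {"www": apache_protocols(APACHE_FIXED), "mail": apache_protocols(APACHE_WEAK),
              "api": nginx_protocols(NGINX_FIXED)}
    keys = {"www": "key-A", "mail": "key-A", "api": "key-B"}  # www and mail share a key
    print(drown_exposed(protos, keys))  # {'www': True, 'mail': True, 'api': False}
```

The "www" host is flagged even though its own SSLProtocol line is fixed, because "mail" still offers SSLv2 with the same key; that is the shared-key case from condition 3.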

SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.